generating different initiator identities, configs and certificates on the fly

author: Martin Willi <martin@strongswan.org> 2008-12-08 19:18:28 +0000
committer: Martin Willi <martin@strongswan.org> 2008-12-08 19:18:28 +0000
commit: 5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1 (patch)
tree: 541b5afd0c5cc0d804044f390e494a891b1fe1dd /src/charon/plugins/load_tester
parent: aa5c5d3fde1900ffbf4d38446197aa5649fb00fc (diff)
download: strongswan-5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1.tar.bz2
strongswan-5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1.tar.xz
3 files changed, 213 insertions, 101 deletions
diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c
index b184ad2b6..63a56a5e2 100644
--- a/src/charon/plugins/load_tester/load_tester_config.c
+++ b/src/charon/plugins/load_tester/load_tester_config.c
@@ -35,9 +35,89 @@ struct private_load_tester_config_t {
 	 * peer config
 	 */
 	peer_cfg_t *peer_cfg;
+	
+	/**
+	 * virtual IP, if any
+	 */
+	host_t *vip;
+	
+	/**
+	 * Remote address
+	 */
+	char *remote;
+	
+	/**
+	 * IP address pool
+	 */
+	char *pool;
+	
+	/**
+ 	 * IKE proposal
+ 	 */
+	proposal_t *proposal;
+	
+	/**
+	 * Authentication method to use
+	 */
+	auth_class_t class;
+	
+	/**
+	 * incremental numbering of generated configs
+	 */
+	u_int num;
 };
 
 /**
+ * Generate a new initiator config, num = 0 for responder config
+ */
+static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
+{
+	ike_cfg_t *ike_cfg;
+	child_cfg_t *child_cfg;
+	peer_cfg_t *peer_cfg;
+	traffic_selector_t *ts;
+	auth_info_t *auth;
+	identification_t *local, *remote;
+	proposal_t *proposal;
+	char buf[128];
+	
+	if (num)
+	{	/* initiator */
+		snprintf(buf, sizeof(buf), "CN=cli-%d, OU=load-test, O=strongSwan", num);
+		local = identification_create_from_string(buf);
+		snprintf(buf, sizeof(buf), "CN=srv, OU=load-test, O=strongSwan", num);
+		remote = identification_create_from_string(buf);
+	}
+	else
+	{	/* responder */
+		local = identification_create_from_string(
+										"CN=srv, OU=load-test, O=strongSwan");
+		remote = identification_create_from_string(
+										"CN=*, OU=load-test, O=strongSwan");
+	}
+	
+	ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", this->remote);
+	ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
+	peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, local, remote,
+			CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
+			0, 0, TRUE, 60,	/* jitter, overtime, mobike, dpddelay */
+			this->vip ? this->vip->clone(this->vip) : NULL,
+			this->pool, FALSE, NULL, NULL);
+	auth = peer_cfg->get_auth(peer_cfg);
+	auth->add_item(auth, AUTHN_AUTH_CLASS, &this->class);
+	child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
+								 MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
+	proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
+	child_cfg->add_proposal(child_cfg, proposal);
+	ts = traffic_selector_create_dynamic(0, 0, 65535);
+	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+	ts = traffic_selector_create_dynamic(0, 0, 65535);
+	child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+	peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+	return peer_cfg;
+}
+
+/**
  * Implementation of backend_t.create_peer_cfg_enumerator.
  */
 static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this,
@@ -67,7 +147,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this,
 {
 	if (streq(name, "load-test"))
 	{
-		return this->peer_cfg->get_ref(this->peer_cfg);
+		return generate_config(this, this->num++);
 	}
 	return NULL;
 }
@@ -78,6 +158,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this,
 static void destroy(private_load_tester_config_t *this)
 {
 	this->peer_cfg->destroy(this->peer_cfg);
+	DESTROY_IF(this->proposal);
+	DESTROY_IF(this->vip);
 	free(this);
 }
 
@@ -87,65 +169,45 @@ static void destroy(private_load_tester_config_t *this)
 load_tester_config_t *load_tester_config_create()
 {
 	private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t);
-	ike_cfg_t *ike_cfg;
-	child_cfg_t *child_cfg;
-	proposal_t *proposal;
-	traffic_selector_t *ts;
-	auth_info_t *auth;
-	auth_class_t class;
-	char *remote, *pool, *authstr;
-	host_t *vip = NULL;
+	char *authstr;
 	
 	this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
 	this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
 	this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
 	this->public.destroy = (void(*)(load_tester_config_t*))destroy;
 	
+	this->vip = NULL;
 	if (lib->settings->get_bool(lib->settings,
 				"charon.plugins.load_tester.request_virtual_ip", FALSE))
 	{
-		vip = host_create_from_string("0.0.0.0", 0);
+		this->vip = host_create_from_string("0.0.0.0", 0);
 	}
-	pool = lib->settings->get_str(lib->settings,
+	this->pool = lib->settings->get_str(lib->settings,
 				"charon.plugins.load_tester.pool", NULL);
-	remote = lib->settings->get_str(lib->settings, 
+	this->remote = lib->settings->get_str(lib->settings, 
 				"charon.plugins.load_tester.remote", "127.0.0.1");
-	ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", remote);
-	proposal = proposal_create_from_string(PROTO_IKE,
+				
+	this->proposal = proposal_create_from_string(PROTO_IKE,
 			lib->settings->get_str(lib->settings,
 				"charon.plugins.load_tester.proposal", "aes128-sha1-modp768"));
-	if (!proposal)
+	if (!this->proposal)
 	{	/* fallback */
-		proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768");
+		this->proposal = proposal_create_from_string(PROTO_IKE,
+													 "aes128-sha1-modp768");
 	}
-	ike_cfg->add_proposal(ike_cfg, proposal);
-	this->peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
-			identification_create_from_string("load-test@strongswan.org"),
-			identification_create_from_string("load-test@strongswan.org"),
-			CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
-			0, 0, TRUE, 60,	/* jitter, overtime, mobike, dpddelay */
-			vip, pool, FALSE, NULL, NULL);
-	auth = this->peer_cfg->get_auth(this->peer_cfg);
 	authstr = lib->settings->get_str(lib->settings,
 								"charon.plugins.load_tester.auth", "pubkey");
 	if (streq(authstr, "psk"))
 	{
-		class = AUTH_CLASS_PSK;
+		this->class = AUTH_CLASS_PSK;
 	}
 	else
 	{
-		class = AUTH_CLASS_PUBKEY;
+		this->class = AUTH_CLASS_PUBKEY;
 	}
-	auth->add_item(auth, AUTHN_AUTH_CLASS, &class);
-	child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
-								 MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
-	proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
-	child_cfg->add_proposal(child_cfg, proposal);
-	ts = traffic_selector_create_dynamic(0, 0, 65535);
-	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
-	ts = traffic_selector_create_dynamic(0, 0, 65535);
-	child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
-	this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
+	
+	this->num = 1;
+	this->peer_cfg = generate_config(this, 0);
 	
 	return &this->public;
 }
diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/charon/plugins/load_tester/load_tester_creds.c
index f3f5a1284..a2087269d 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.c
+++ b/src/charon/plugins/load_tester/load_tester_creds.c
@@ -17,8 +17,11 @@
 
 #include "load_tester_creds.h"
 
+#include <time.h>
+
 #include <daemon.h>
 #include <credentials/keys/shared_key.h>
+#include <credentials/certificates/x509.h>
 #include <utils/identification.h>
 
 typedef struct private_load_tester_creds_t private_load_tester_creds_t;
@@ -38,9 +41,14 @@ struct private_load_tester_creds_t {
 	private_key_t *private;
 	
 	/**
-	 * Trusted certificate to verify signatures
+	 * CA certificate, to issue/verify peer certificates
+	 */
+	certificate_t *ca;
+	
+	/**
+	 * serial number to issue certificates
 	 */
-	certificate_t *cert;
+	u_int32_t serial;
 	
 	/**
 	 * Preshared key
@@ -116,28 +124,33 @@ static char private[] = {
 /**
  * And an associated self-signed certificate
 -----BEGIN CERTIFICATE-----
-MIIB2zCCAUSgAwIBAgIRAKmSLQc+3QV4WswVkpxqY5kwDQYJKoZIhvcNAQEFBQAw
-FzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMB4XDTA4MTAyMTEyNDk0MFoXDTEzMTAy
-MDEyNDk0MFowFzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMIGfMA0GCSqGSIb3DQEB
+MIIB9DCCAV2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA3MQwwCgYDVQQDEwNzcnYx
+EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0wODEy
+MDgxODU4NDhaFw0xODEyMDYxODU4NDhaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
+CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
 VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
 BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
-AQABoycwJTAjBgNVHREEHDAagRhsb2FkLXRlc3RAc3Ryb25nc3dhbi5vcmcwDQYJ
-KoZIhvcNAQEFBQADgYEATyQ3KLVU13Q3U3uZZtQL56rm680wMLu0+2z164PnxcTu
-Donp19AwPfvl4y0kjCdQYqUA6NXczub40ZrCMfmZEbVarW9oAys9lWef8sqfW0pv
-asNWsTOOwgg4gcASh1VCYsMX73C8R1pegWM/btyX2SEa7+R1rBEZwHVtIxgFcnM=
+AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF39Xedyk2wj
+qOcaaZ7ypb8RDlLvS0uaJMVtLtIhtb2weMMlgdmOnKXEYrJL2/mbp14Fhe+XYME9
+nZLAnmUnX8bQWCsQlajb7YGE8w6QDMwXUVgSXTMhRl+PRX2CMIUzU21h1EIx65Po
+CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf
 -----END CERTIFICATE-----
+
  */
-static char cert[] = {
-  0x30,0x82,0x01,0xdb,0x30,0x82,0x01,0x44,0xa0,0x03,0x02,0x01,0x02,0x02,0x11,0x00,
-  0xa9,0x92,0x2d,0x07,0x3e,0xdd,0x05,0x78,0x5a,0xcc,0x15,0x92,0x9c,0x6a,0x63,0x99,
+char cert[] = {
+  0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
   0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,
-  0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64,
-  0x2d,0x74,0x65,0x73,0x74,0x69,0x6e,0x67,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x30,
-  0x32,0x31,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,0x30,0x32,
-  0x30,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,
-  0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x69,0x6e,
-  0x67,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+  0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
+  0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
+  0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
+  0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x32,
+  0x30,0x38,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x17,0x0d,0x31,0x38,0x31,0x32,0x30,
+  0x36,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
+  0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
+  0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
+  0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
+  0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
   0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
   0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
   0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
@@ -147,20 +160,20 @@ static char cert[] = {
   0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
   0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
   0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
-  0x01,0x00,0x01,0xa3,0x27,0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x11,0x04,0x1c,
-  0x30,0x1a,0x81,0x18,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x40,0x73,0x74,
-  0x72,0x6f,0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,0x72,0x67,0x30,0x0d,0x06,0x09,
-  0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x4f,
-  0x24,0x37,0x28,0xb5,0x54,0xd7,0x74,0x37,0x53,0x7b,0x99,0x66,0xd4,0x0b,0xe7,0xaa,
-  0xe6,0xeb,0xcd,0x30,0x30,0xbb,0xb4,0xfb,0x6c,0xf5,0xeb,0x83,0xe7,0xc5,0xc4,0xee,
-  0x0e,0x89,0xe9,0xd7,0xd0,0x30,0x3d,0xfb,0xe5,0xe3,0x2d,0x24,0x8c,0x27,0x50,0x62,
-  0xa5,0x00,0xe8,0xd5,0xdc,0xce,0xe6,0xf8,0xd1,0x9a,0xc2,0x31,0xf9,0x99,0x11,0xb5,
-  0x5a,0xad,0x6f,0x68,0x03,0x2b,0x3d,0x95,0x67,0x9f,0xf2,0xca,0x9f,0x5b,0x4a,0x6f,
-  0x6a,0xc3,0x56,0xb1,0x33,0x8e,0xc2,0x08,0x38,0x81,0xc0,0x12,0x87,0x55,0x42,0x62,
-  0xc3,0x17,0xef,0x70,0xbc,0x47,0x5a,0x5e,0x81,0x63,0x3f,0x6e,0xdc,0x97,0xd9,0x21,
-  0x1a,0xef,0xe4,0x75,0xac,0x11,0x19,0xc0,0x75,0x6d,0x23,0x18,0x05,0x72,0x73,
+  0x01,0x00,0x01,0xa3,0x10,0x30,0x0e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x04,0x05,
+  0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+  0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x5d,0xfd,0x5d,0xe7,0x72,0x93,0x6c,0x23,
+  0xa8,0xe7,0x1a,0x69,0x9e,0xf2,0xa5,0xbf,0x11,0x0e,0x52,0xef,0x4b,0x4b,0x9a,0x24,
+  0xc5,0x6d,0x2e,0xd2,0x21,0xb5,0xbd,0xb0,0x78,0xc3,0x25,0x81,0xd9,0x8e,0x9c,0xa5,
+  0xc4,0x62,0xb2,0x4b,0xdb,0xf9,0x9b,0xa7,0x5e,0x05,0x85,0xef,0x97,0x60,0xc1,0x3d,
+  0x9d,0x92,0xc0,0x9e,0x65,0x27,0x5f,0xc6,0xd0,0x58,0x2b,0x10,0x95,0xa8,0xdb,0xed,
+  0x81,0x84,0xf3,0x0e,0x90,0x0c,0xcc,0x17,0x51,0x58,0x12,0x5d,0x33,0x21,0x46,0x5f,
+  0x8f,0x45,0x7d,0x82,0x30,0x85,0x33,0x53,0x6d,0x61,0xd4,0x42,0x31,0xeb,0x93,0xe8,
+  0x0b,0x03,0x0b,0x6c,0x9e,0xef,0x42,0xac,0x0f,0x1d,0x74,0x62,0xb4,0x39,0x8d,0x90,
+  0x43,0x8a,0xf4,0x7f,0xaf,0x46,0x70,0xdf,
 };
 
+
 /**
  * A preshared key
  */
@@ -202,7 +215,13 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this,
 							certificate_type_t cert, key_type_t key,
 							identification_t *id, bool trusted)
 {
-	if (this->cert == NULL)
+	certificate_t *peer_cert;
+	public_key_t *peer_key, *ca_key;
+	u_int32_t serial;
+	time_t now;
+	identification_t *keyid = NULL;
+	
+	if (this->ca == NULL)
 	{
 		return NULL;
 	}
@@ -214,11 +233,40 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this,
 	{
 		return NULL;
 	}
-	if (id && !this->cert->has_subject(this->cert, id))
+	ca_key = this->ca->get_public_key(this->ca);
+	if (ca_key && id)
 	{
-		return NULL;
+		keyid = ca_key->get_id(ca_key, id->get_type(id));
+	}
+	if (!id || this->ca->has_subject(this->ca, id) ||
+		(keyid && id->equals(id, keyid)))
+	{	/* ca certificate */
+		DESTROY_IF(ca_key);
+		return enumerator_create_single(this->ca, NULL);
+	}
+	DESTROY_IF(ca_key);
+	if (!trusted)
+	{
+		/* peer certificate, generate on demand */
+		serial = htonl(++this->serial);
+		now = time(NULL);
+		peer_key = this->private->get_public_key(this->private);
+		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+									BUILD_SIGNING_KEY, this->private,
+									BUILD_SIGNING_CERT, this->ca,
+									BUILD_PUBLIC_KEY, peer_key,
+									BUILD_SUBJECT, id,
+									BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
+									BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
+									BUILD_SERIAL, chunk_from_thing(serial),
+									BUILD_END);
+		peer_key->destroy(peer_key);
+		if (peer_cert)
+		{
+			return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
+		}
 	}
-	return enumerator_create_single(this->cert, NULL);
+	return NULL;
 }
 
 /**
@@ -249,7 +297,7 @@ static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this,
 static void destroy(private_load_tester_creds_t *this)
 {
 	DESTROY_IF(this->private);
-	DESTROY_IF(this->cert);
+	DESTROY_IF(this->ca);
 	this->shared->destroy(this->shared);
 	this->id->destroy(this->id);
 	free(this);
@@ -267,14 +315,18 @@ load_tester_creds_t *load_tester_creds_create()
 	this->public.destroy = (void(*) (load_tester_creds_t*))destroy;
 	
 	this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
-		BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END);	
+				BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)),
+				BUILD_END);
 	
-	this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-		BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_END);			   
+	this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+				BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)),
+				BUILD_X509_FLAG, X509_CA,
+				BUILD_END);
 	
 	this->shared = shared_key_create(SHARED_IKE, 
 									 chunk_clone(chunk_create(psk, sizeof(psk))));
-	this->id = identification_create_from_string("load-test@strongswan.org");
+	this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan");
+	this->serial = 0;
 	return &this->public;
 }
 
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c
index cd4a5f802..257c7451b 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.c
+++ b/src/charon/plugins/load_tester/load_tester_plugin.c
@@ -91,9 +91,6 @@ struct private_load_tester_plugin_t {
  */
 static job_requeue_t do_load_test(private_load_tester_plugin_t *this)
 {
-	peer_cfg_t *peer_cfg;
-	child_cfg_t *child_cfg = NULL;;
-	enumerator_t *enumerator;
 	int i, s = 0, ms = 0;
 	
 	this->mutex->lock(this->mutex);
@@ -107,37 +104,38 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this)
 		s = this->delay / 1000;
 		ms = this->delay % 1000;
 	}
-	peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
-													  "load-test");
-	if (peer_cfg)
+	
+	for (i = 0; this->iterations == 0 || i < this->iterations; i++)
 	{
+		peer_cfg_t *peer_cfg;
+		child_cfg_t *child_cfg = NULL;
+		enumerator_t *enumerator;
+	
+		peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
+														  "load-test");
+		if (!peer_cfg)
+		{
+			break;
+		}
 		enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
-		if (enumerator->enumerate(enumerator, &child_cfg))
+		if (!enumerator->enumerate(enumerator, &child_cfg))
 		{
-			child_cfg->get_ref(child_cfg);
+			enumerator->destroy(enumerator);
+			break;
 		}
 		enumerator->destroy(enumerator);
 		
-		if (child_cfg)
-		{
-			for (i = 0; this->iterations == 0 || i < this->iterations; i++)
-			{
-				charon->controller->initiate(charon->controller,
-					peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
+		charon->controller->initiate(charon->controller,
+					peer_cfg, child_cfg->get_ref(child_cfg),
 					NULL, NULL);
-				
-				if (s)
-				{
-					sleep(s);
-				}
-				if (ms)
-				{
-					usleep(ms * 1000);
-				}
-			}
-			child_cfg->destroy(child_cfg);
+		if (s)
+		{
+			sleep(s);
+		}
+		if (ms)
+		{
+			usleep(ms * 1000);
 		}
-		peer_cfg->destroy(peer_cfg);
 	}
 	this->mutex->lock(this->mutex);
 	this->running--;
author	Martin Willi <martin@strongswan.org>	2008-12-08 19:18:28 +0000
committer	Martin Willi <martin@strongswan.org>	2008-12-08 19:18:28 +0000
commit	5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1 (patch)
tree	541b5afd0c5cc0d804044f390e494a891b1fe1dd /src/charon/plugins/load_tester
parent	aa5c5d3fde1900ffbf4d38446197aa5649fb00fc (diff)
download	strongswan-5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1.tar.bz2 strongswan-5bdc8fc794dd2c64a201bee7292c9f0d915e9ff1.tar.xz